Former US Intelligence Analysts Sued For Hacking A Saudi Activist's Phone On Behalf Of The United Arab Emirates

from the hacking-victim-getting-the-chance-to-inflict-some-misery-of-her-own dept

In early 2019, a whistleblower revealed some ugliness emanating from the United Arab Emirates: former NSA analysts working for a private company hired to perform counterterrorism work for the government were spying on journalists, activists, and the occasional American citizen on behalf of their royal benefactors.

Why these analysts were working for known human rights abusers was unclear. Why they decided this work should involve targeting people who weren't terrorists, but rather critics of the UAE government, was similarly left unexplained. The program was called Project Raven and former employee Lori Stroud was the only person involved willing to speak publicly about its activities. Everyone else -- from the NSA to the UAE government -- refused to comment.

More than two years later, the harms perpetrated by these former analysts were given a price tag. Three former US intelligence community analysts (two of which worked for the NSA) were fined $1.68 million for utilizing powerful hacking tools to target dissidents, activists, journalists, and the occasional American citizen for the UAE government. The tools used included "Karma," which was capable of remotely compromising targets' phones without any interaction from phone owners, allowing for wholesale collection of photos, emails, text messages and location information.

Over the years covered in the indictment (which resulted in the fines mentioned above), the analysts began with Project Raven, which migrated from Cyberpoint (a company associated with Italy's infamous Hacking Team), before finally ending up as a wholly-UAE-owned company called Darkmatter.

It's this company that's now being sued by one of its targets, a Saudi activist represented by the EFF.

The Electronic Frontier Foundation (EFF) filed a lawsuit today on behalf of prominent Saudi human rights activist Loujain AlHathloul against spying software maker DarkMatter Group and three of its former executives for illegally hacking her iPhone to secretly track her communications and whereabouts.

AlHathloul is among the victims of an illegal spying program created and run by former U.S. intelligence operatives, including the three defendants named in the lawsuit, who worked for a U.S. company hired by United Arab Emirates (UAE) in the wake of the Arab Spring protests to identify and monitor activists, journalists, rival foreign leaders, and perceived political enemies.

The defendants include Darkmatter, the UAE-owned company that acted on behalf of the Kingdom of Saudi Arabia. Also named are the three former US Intelligence Community analysts who were fined $1.68 million by the federal government in September 2021.

A lot of what's alleged mirrors what we've been seeing over the past several months emanating from Israel malware manufacturer, NSO Group: powerful phone hacking tools, authoritarian governments, and the targeting of government critics, political opponents, and journalists. We've heard plenty about who's been targeted. We don't often hear what happens to those targeted when the governments targeting them finally catch up to them. AlHathoul's lawsuit [PDF] details the end result of her targeting by former NSA analysts working for Project Raven and Darkmatter.

[AlHathloul's] phone was initially hacked in 2017, gaining access to her texts, email messages, and real-time location data. Later, AlHathloul was driving on the highway in Abu Dhabi when she was arrested by UAE security services, and forcibly taken by plane to the KSA, where she was imprisoned twice, including at a secret prison where she was subject to electric shocks, flogging, and threats of rape and death.

I'm sure the named analysts would prefer not to know the human misery their work for the UAE and KSA (Kingdom of Saudi Arabia) resulted in. It's always easier to think of targets in the abstract: an identifier devoid of personal agency, compromised and controlled by ones and zeroes similarly devoid of personality. This lawsuit will force them to confront what they enabled and, possibly, compensate this activist for the harms they enabled.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: activism, hacking, karma, malware, nsa, spyware
Companies: darkmatter